More stories

  • in

    This stealthy hacker-for-hire group is using phishing, malicious apps and zero-day attacks against its victims

    An extensive cyber-espionage operation by a hacker-for-hire group that uses phishing, social engineering, malicious apps, custom malware and zero-day attacks has been secretly targeting governments, private industry and individuals for years in what’s described as a diverse, patient and elusive hacking enterprise.
    Dubbed Bahamut, the mercenary hacking group has been carrying out extensive operations against targets around the world in multi-pronged attacks that have been detailed by cybersecurity researchers at BlackBerry. The campaigns appear to have been operating since at least 2016.

    “The sophistication and sheer scope of malicious activity that our team was able to link to Bahamut is staggering,” said Eric Milam, VP of research operations at BlackBerry.
    “Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that Bahamut is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic AV evasion tactics, and more.”
    Bahamut’s ability to call upon zero-day exploits – software vulnerabilities that are unknown to the vendor of the product – puts it up there with some of the most powerful hacking operations around.
    However, BlackBerry researchers note that malware is often only a last resort for Bahamut, because it can leave evidence of attacks behind. The group prefers social engineering and phishing as its primary means of secretly breaching a target organisation’s network with the aid of stolen credentials.
    In some cases, Bahamut has been known to observe targets for a year or more before finally striking at what’s perceived to be the best time.
    One of the ways Bahamut has been compromising targets is with a network of fake, but painstakingly well-crafted websites, applications and even entire personas. All of this is designed to be tailored towards potential targets in order to gain a better idea of what sort of news stories they’re interested in – and might click links about – in order to eventually serve up a phishing or malware attack.
    For example, in one case Bahamut took over the real domain for what was once a real technology and information security website and used it to push out articles on geopolitics, research and industry news, complete with author profiles. While the authors used fake personas, they used pictures of real journalists.
    Such was the convincing nature of the specially crafted websites, an article from one of them was featured as a legitimate source in an industry news alert by Ireland’s National Cyber Security Centre in 2019.
    In addition to malware and social engineering, Bahamut also employs the use of malicious mobile applications for both iPhone and Android users. The apps came with official looking websites and privacy policies, helping them look legitimate to both users and app stores. In each case, the apps were custom designed to appeal to certain groups and users of a certain language.
    By installing one of the malicious apps – the full list of which is detailed in the BlackBerry paper – the user is installing a backdoor into their device that the attackers can use to monitor all the activity of the victims, such as the ability to read their messages, listen to their calls, monitor their location and other espionage activity.
    Researchers note that while the apps are well designed and stealthy, analysis of how they’re configured means they can be traced back to Bahamut – because while the hacker-for-hire group is extremely sophisticated, the people doing the work are still capable of making errors.
    “For a group that historically set themselves apart by employing above average operational security and extremely skilled technical capabilities, Bahamut operators are, at the end of the day, still human. While their mistakes have been few, they have also proven devastating. BlackBerry found that the idiom “old habits die hard” applies to even the most advanced of threat groups,” said the report.
    Bahamut is believed to still be attempting to conduct active campaigns and the mercenary nature of the group means that potentially any high-profile organisation or individual could end up a target. BlackBerry says it has attempted to alert as many of the individual, government and corporate targets of Bahamut as possible.

  • in

    Waterbear malware used in attack wave against government agencies

    Researchers have spotted a fresh Waterbear campaign in which Taiwanese government agencies have been targeted in sophisticated attacks. 

    According to CyCraft researchers, the attacks took place in April 2020, but in an interesting twist, the threat group responsible leveraged malware already present on compromised servers — due to past attacks — in order to deploy malware. 
    Waterbear has previously been associated with BlackTech, an advanced cyberattack group that generally attacks technology companies and government entities across Taiwan, Japan, and Hong Kong. 
    Trend Micro researchers say the modular malware is primarily “used for lateral movement, decrypting and triggering payloads with its loader component.” Last year, Waterbear captured interest in the cybersecurity industry after implementing API hooking to hide its activities by abusing security products. 
    In the latest wave, CyCraft says a vulnerability was exploited in a common and trusted data loss prevention (DLP) tool in order to load Waterbear. The job was made easier as malware leftover from previous attacks on the same targets had not been fully eradicated. 
    The attackers have been tracked in attempts to use stolen credentials to access a target network. In some examples, endpoints were still compromised from past attacks, and this was leveraged to access the victim’s internal network and covertly establish a connection to the group’s command-and-control (C2) server. 
    A vulnerability in the DLP tool was then used to perform DLL hijacking. As the software failed to verify the integrity of DLLs it was loading, the malicious file was launched with a high level of privilege. 
    This DLL then injected shellcode into various Windows system services, allowing the Waterbear loader to deploy additional malicious packages. 
    Another interesting facet of the loader is the “resurrection” of a decade-old antivirus evasion technique, according to the researchers. 
    Known as “Heaven’s Gate,” the misdirection technique is used to trick Microsoft Windows operating systems into executing 64-bit code, even when declared as a 32-bit process. This, in turn, can be used to bypass security engines and to inject shellcode. 
    “Just as 64-bit and 32-bit programs are quite different, so are analysis mechanisms. Malware equipped with Heaven’s Gate contains both 64-bit and 32-bit parts,” the team says. “Therefore, some monitor/analysis systems will only apply 32-bit analysis and will fail the 64-bit part; thus, this approach will break some monitor/analysis mechanisms.”
    To scupper analysis attempts, the Waterbear loader will also use RC4 encryption on its main payload and “pad contents [and memory] from Kernel32.dll in front of and behind shellcode.” The size of the malware’s binary was also inflated in an attempt to bypass file-based scanners. 
    In August, the CyCraft team told virtual attendees of Black Hat USA that a Chinese advanced persistent threat (APT) group has been striking the systems of Taiwanese chip manufacturers. 
    Sensitive corporate information and property including semiconductor designs, source code, and software development kits (SDKs) have been stolen in “precise and well-coordinated attacks” over 2018 and 2019. At least seven separate vendors have fallen prey to the group. 

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • in

    240+ Android apps caught showing out-of-context ads

    Google removed more than 240 Android applications from the official Play Store this summer for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising.
    Out-of-context ads (also known as out-of-app ads) are mobile ads that are shown outside an app’s normal container. They can appear as popups or as fullscreen ads.
    Out-of-context ads have been banned on the Play Store since February this year, when Google banned more than 600 apps that were abusing this practice to spam their users with annoying ads.
    But despite the public crackdown and ban, other apps showing out-of-context ads have continued to be discovered — such as in June this year.
    New cluster discovered
    The latest of these discoveries comes from ad fraud detection firm White Ops. In a blog post today, the company said it discovered a new cluster of more than 240 Android apps bombarding their users with out-of-context ads — but made to look like they originated from other, more legitimate applications.

    One of RainbowMix’s out-of-context ads made to look like it originated from the YouTube app.
    Image: White Ops
    White Ops named this group RainbowMix and said it detected the first signs of activity as early as April this year.
    Most of the apps were gaming-related and were clones of legitimate apps, but they also included a malicious component known as “com.timuz.a” that was responsible for showing the misleading, out-of-context ads.
    White Ops said the 240+ apps managed to amass more than 14 million downloads this year alone, and the entire operation reached its peak in August when it was delivering more than 15 million ad impressions per day.
    According to White Ops telemetry, most of the apps were installed by users across the Americas and Asia, with the top countries being:
    20.8% – Brazil
    19.7% – Indonesia
    11.0% – Vietnam
    7.7% – US
    6.2% – Mexico
    5.9% – Philippines
    The names of all the 240+ apps that are part of the RainbowMix campaign will be listed later today in a blog post on the White Ops blog.
    Also, this week, White Ops announced a future name change to a new name that’s more inclusive and representative for all its diverse cast.

  • in

    Tesla accuses employee of Californian factory sabotage

    Tesla has informed workers at its Fremont, California plant that a past employee “sabotaged” operations at the facility.

    According to an internal memo viewed by BloombergQuint, the incident took place at the 5.3 million square foot facility. Once a General Motors site, Tesla now operates the factory to produce vehicles including the Model S, Model X, and Model 3, as well as individual car components.
    The publication says that the member of staff “maliciously sabotaged” part of the factory leading to operational disruption for several hours.
    Tesla’s VP of legal Al Prescott said that IT and information security teams were alerted when the former employee tried to “destroy a company computer.” To cover their tracks, the unnamed individual then attempted to blame a colleague.  
    An internal investigation was conducted, the employee confessed when they were shown evidence of their activities, and was subsequently fired. It does not appear that local law enforcement has been involved in the matter.
    Tesla has taken the opportunity to warn employees that unethical behavior is unacceptable and said that the firm would, “take aggressive action to defend the company and our people.”
    This is not the only incident in which the automaker has been targeted for the purposes of damage or cyberespionage. Last month, Tesla CEO Elon Musk acknowledged a hacking plot in which a Russian national attempted to recruit a rogue employee to install malware on the firm’s corporate network in exchange for $1 million.
    The malware was designed to exfiltrate sensitive corporate data and upload it to an attacker-controlled server. Once in the intended Russian hacking group’s hands, Tesla would then have been subject to a ransom demand, on pain of the files being publicly released. 


  • in

    Gmail users: Expect to see these new security alerts, says Google

    Over the next few weeks, Google will start rolling out new security alerts for critical issues affecting individual Google accounts, with the alert displayed in the Google app currently being used.  
    The major benefit is that recipients of Google’s security alerts – which it pushes to users when it detects their account may have been hacked – don’t need to check their email or a phone’s system alerts for the warning. 

    Instead, the alert will appear right in the Google app in use, potentially reducing the time it takes for at-risk individuals to take action and secure their accounts.  
    Explaining why the new in-app alerts could help, Google notes in a blogpost that after it started issuing Android system security notifications in 2015, it boosted engagement 20-fold over email alerts, which required opening the email app and finding the alert from Google.   
    The new system for delivering critical security alerts has a higher chance of reaching users when they’re paying attention to one of Google’s apps. Google only demonstrates the alert in Gmail.
    Users should see an alert icon next to their avatar in the search bar of the Gmail app. Clicking on the alert takes them to a ‘Critical security alert’ page with a ‘Check activity’ button that leads to an explanation of why Google issued the alert. 
    The new delivery mechanism could be extra valuable if it also eventually works with frequently used Google apps, like YouTube, Google Maps, the Google app, or Waze. 
    According to Google, the new in-app security alerts for Google apps are “resistant to spoofing”.       
    Google is planning a limited rollout in the coming weeks and will expand availability early next year. The company has announced the new feature as part of its contribution to National Cybersecurity Awareness month. 
    Google’s Safe Browsing system for Chrome and other browsers now protects four billion devices, while Google is blocking over 100 million phishing attempts per day. Google Play Protect, its built-in anti-malware system for Android devices, scans over 100 billion apps every day.  
    Google is also introducing a new privacy control to avoid interactions with Google Assistant being saved to a Google account. A new ‘Guest mode’ can be enabled with a voice command that prevents anything a user says to Assistant from being saved to the user’s account. 
    This could come in handy when interacting with Google’s Home and Nest smart speakers about subjects a user doesn’t want linked to their account.   
    The one drawback of Guest mode is that Google Assistant is not personalized when it’s on. 
    This builds on Google Assistant privacy controls introduced last year that allow users to delete recent Assistant activity from a Google account with voice commands, such as “Hey Google, delete the last thing I said to you” or “Hey Google, delete everything I said to you last week”.
    Separately, in Android 11 Google for the first time has brought Smart Replies to its Gboard keyboard suggestions feature and it has done so in a privacy-preserving way, with suggestions being created from on-device processing rather than in the cloud. The suggestions appear on top of Gboard’s suggestion strip.
    While Android can access the content of incoming messages, the Gboard smart keyboard app cannot and it can only see a suggestion once the user taps one of them.

    The new security alerts will appear in the Google app being used to cut the time it takes for at-risk individuals to take action. 
    Image: Google

  • in

    US seizes Iranian government domains masked as legitimate news outlets

    US law enforcement has seized 92 domains used to spread propaganda and fake news by Iran’s Islamic Revolutionary Guard Corps (IRGC). 

    The Department of Justice (DoJ) said on Wednesday that the IRGC has used the domains to “unlawfully engage in a global disinformation campaign.”
    Four of the domains were used to create news outlets that appeared legitimate, but the flow of ‘news’ articles and content hosted by the websites was controlled by the IRGC.
    In particular, US audiences were targeted with Iranian propaganda “to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA),” the DoJ claims.
    Google tipped off US law enforcement to the global campaign, and then with the help of the tech giant, Twitter, Facebook, and the FBI, 92 domains were confiscated on October 7.

    Under the US International Emergency Economic Powers Act (IEEPA) and active sanctions that prevent the unauthorized export of goods and services between Iran and the US, a warrant was issued for the seizure of the illegal domains. 
    US prosecutors say the fake news outlets were closed under legislation outlined by FARA, which requires foreign entities to transparently disclose the source of information and people when content attempts to “influence US public opinion, policy, and law.” 
    The news websites that targeted the US — newsstand7.com, usjournal.net, usjournal.us, and twtoday.net — have now been seized and display an FBI notice.
    One of the domains, newsstand7.com, used the slogan “Awareness Made America Great” and published articles relating to US President Trump, the Black Lives Matter movement, US unemployment, COVID-19, and police brutality, among other topics. 

    “These domains targeted a United States audience without proper registration pursuant to FARA and without notifying the American public with a conspicuous notice that the content of the domains was being published on behalf of the IRGC and the Government of Iran,” the DoJ commented. 
    The other 88 domains targeted audiences in Europe, the Middle East, and Southeast Asia. These domains, too, masqueraded as news outlets and media organizations. 
    “We will continue to use all of our tools to stop the Iranian Government from misusing US companies and social media to spread propaganda covertly, to attempt to influence the American public secretly, and to sow discord,” said Assistant Attorney General for National Security John Demers.  “Fake news organizations have become a new outlet for disinformation spread by authoritarian countries as they continue to try to undermine our democracy.”    
    The IRGC has been branded as a foreign terrorist organization by the US government. 
    The state-sponsored hacking group has been previously connected to cyberattacks against US aerospace, industrial, and business entities, as well as universities, in information theft and cyberespionage campaigns. In 2018, Iran was cited as a “growing threat” in the cybersecurity landscape by Accenture.


  • in

    ICANN turns on root server cluster in Singapore

    The Internet Corporation for Assigned Names and Numbers (ICANN) has turned on an ICANN Managed Root Server (IMRS) cluster in Singapore, making it the first such site in Asia-Pacific. The region currently sees the highest volume of queries worldwide, receiving twice as many as Europe.
    The new cluster will help boost the root server capacity for this region as well as the overall resiliency of the root server system, said ICANN in a statement Thursday. The organisation’s Asia-Pacific office is located in Singapore.
    Comprising “dozens of servers with substantial internet connectivity”, the Singapore cluster is ICANN’s fourth worldwide with two residing in North America and one in Europe, according to the organisation’s senior vice president and CTO, David Conrad. 

    “Our existing, smaller IMRS sites in the Asia-Pacific region already receive twice as many queries as Europe, the next-busiest region. Adding an IMRS cluster in Singapore is both strategic and a good use of ICANN resources,” Conrad said. 
    Established in 1998 under the US Department of Commerce, the ICANN oversees the infrastructure that matches Web addresses to their corresponding IP addresses. It coordinates these identify-and-match tasks, enabling internet users anywhere to locate and access a site via a decipherable Web address, rather than a string of numbers. This means that the DNS (Domain Name System) will translate Web addresses typed into a browser, such as “zdnet.com”, into the numerical language that machines use to communicate. 
    After years of delay, ICANN’s administrative functions were officially transferred out of US jurisdiction in October 2016, but the non-profit organisation’s operations remain bound by Californian laws.
    Citing its OCTO-008 research paper released in April, ICANN said global DNS traffic climbed nearly 30% during the COVID-19 pandemic lockdown. 
    It said the Singapore IMRS cluster would enable more of the queries originating in Asia-Pacific to be answered, regardless of the behaviour of networks or servers in other regions.
    “In the event of an attack resulting in significant additional traffic globally, the extra capacity provided by the Singapore cluster will absorb the traffic and help to mitigate the attack,” it noted. “Queries in the region can then continue to be answered, thus, reducing the risk of downtime caused by an inability to query the top of the DNS name hierarchy.”
    According to ICANN, root servers respond to initial DNS lookup requests made by DNS resolvers — generally operated by Internet service providers (ISPs) such as Reliance in India or iiNet in Australia. For all other queries, the root server will respond with either a referral to the appropriate top-level domain (TLD) name server or an error response.
    Each root server comprises several independent machines located across multiple locations, and the entire root name server network encompasses more than 1,000 machines that are operated by 12 organisations. These are mostly located in the US and include ICANN, Verisign, US Department of Defense, University of Maryland, and NASA. 
    The IMRS itself comprises nearly 170 large and small sites worldwide, where machines at the large sites are called clusters, while the ones at small sites are known as instances.

  • in

    Singapore spotlights OT security, unveils security roadmap focusing on infrastructure

    Singapore is setting up a panel comprising global experts to offer advice on safeguarding its operational technology (OT) systems and has unveiled the country’s latest cybersecurity blueprint, focusing on digital infrastructures and cyber activities. It also is hoping to rope in other Asean nations to recognise a Cybersecurity Labelling Scheme (CLS) that rates the level of security for smart devices, such as home routers and smart home hubs. 
    Singapore’s latest cybersecurity masterplan builds on its 2016 cybersecurity strategy and looks to boost the “general level of cybersecurity” for its population and businesses. It focuses on the need to secure the country’s core digital infrastructure and cyberspace activities, as well as drive the adoption of cyber hygiene practices amongst its connected citizens. 

    Launched by Deputy Prime Minister Heng Swee Keat at this year’s Singapore International Cyber Week, held online, the new blueprint was essential in combating the high volume of day-to-day cyber threats faced by people and businesses. 
    Heng said during his speech that COVID-19 had underscored the value of digital technology in economic and social activities, but also brought with it risks that must be addressed early. 
    “As a relatively nascent frontier, we will need to address issues like the ethical use of technology, user privacy, and a growing digital divide,” he said. “As more people go online, crime and threats have also gone virtual. Cybersecurity will be critical as we become more digital. With the global order coming under pressure, we must avoid a ‘zero sum’ approach to technology.”
    With cybercrime in Singapore climbing by more than 50% last year, and cybercrime accounting for more than a quarter of all crimes here, he underscored the need to sharpen the country’s cybersecurity capabilities. 
    Part of its latest efforts to combat cyber risks focused on OT and Internet of Things (IoT), which it described as fast-evolving landscapes that could pose distinctive threats and risks. To address these, a new OT Cybersecurity Expert Panel comprising global experts was being set up to advise government agencies and other stakeholders on strategies the country needed to improve the resilience of its OT systems.
    Minister for Communications and Information and Minister-in-charge of Cybersecurity S. Iswaran explained that a successful cyber attack on an OT system could manifest as a severe disruption in the physical world. Such systems, including those in the energy, water, and transport sectors, were critical to deliver essential services and support the economy, he said.
    Pointing to issues raised last year, Iswaran added that cybersecurity efforts often were focused on the ICT aspect, though OT systems were equally important and deserved the attention Singapore now was placing on a national and regional level.
    The minister further noted that IoT devices also posed a challenge to defend at scale as the proliferation of smart devices, as well as the emergence of 5G, would create a huge attack surface.
    Here, the government hopes to help consumers make more informed purchases with the CLS, which was first announced in March. The scheme assesses and rates registered smart devices according to their level of cybersecurity provisions. 
    Launched by the Cyber Security Agency (CSA), the initiative aimed to motivate manufacturers to develop more secure products, moving beyond designing such devices to optimise functionality and cost. 
    The CLS initially would be used to assess Wi-Fi routers and smart home hubs, which CSA had prioritised due to the wide adoption of these devices and the impact a security compromise would have on users. 
    The scheme is voluntary and comprises four levels of rating based on the number of asterisks, each indicating an additional tier of testing and assessment the product has gone through. 
    Level 1, for instance, meant the product had met basic security requirements such as ensuring unique default passwords and providing software updates, while a Level 4 product had undergone structured penetration tests by approved third-party test labs and fulfilled Level 3 requirements.
    According to Iswaran, CSA would work with Asean member states and other international partners to establish mutual recognition agreements. 
    Deeper cooperation in this region was especially vital as countries moved to capitalise on the digital trajectory fuelled by the global pandemic, he said.
    Stressing the need for “strong” international cooperation, Heng noted that cyberthreats transcended national boundaries and would need global collaboration to mitigate these risks. 
    Need for rules-based international order
    Singapore’s deputy prime minister said the world would be poorer without multilateralism and globalisation, and this was why the country — alongside many other nations — was “redoubling our commitment” to a rules-based multilateral order.

    Acknowledging the growing tension between China and the US, he expressed hope that both countries eventually would reach a new model of constructive cooperation, as few countries would want to choose sides. 
    He pointed to the digital economy as one area of collaboration as it remained one of the few growing sectors during the pandemic, and urged countries to better harness this potential by strengthening digital connectivity to enhance cross-border digital trade. 
    In this aspect, Heng noted that Singapore strongly supported an open digital trade architecture and had been actively growing its network of digital economy agreements with like-minded countries. These had included nations such as New Zealand, Chile, and Australia.
    And as digital economies grew, so too would the cyber threat attack surface, Iswaran said, during his speech at the 5th Asean Ministerial Conference on Cybersecurity, held Wednesday at the Singapore International Cyber Week. 
    “Today, we face an unprecedented level of exposure to cyber threats,” he said. “A safe and secure digital infrastructure must undergird our digital economy ambitions for the region. It is more important than ever for Asean to tackle the challenge of cybersecurity together, in a sustained, holistic, and coordinated manner.”
    This should encompass a rules-based international order to ensure a safe and accessible cyberspace, he noted, adding that regional resilience of critical infocomm infrastructures must be strengthened. 
    Iswaran said: “[Maintaining a rules-based international order] will be increasingly challenging against the backdrop of a volatile and fractious global landscape, caused by growing geopolitical tensions as well as rising protectionism. Therefore, we have to double down on efforts to create robust rules and engender international collaboration for greater cyber resilience and stability.”
    In particular, he noted, critical information infrastructures (CIIs) must be protected as they formed the backbone of each society’s vital services and activities. He added that many cities in Asean served as hubs for services that spanned banking and finance, telecommunications, maritime, and aviation. 
    “Thus, the impact of a cyberattack on a national CII may not be confined to that country alone, but also felt in other parts of the region and even the world,” he said. “Beyond protecting national CIIs, Asean can do more to strengthen regional cyber resilience by safeguarding CIIs with cross-border impact, such as common cloud and banking systems. In fact, the significance of the cloud has been heightened because of the pandemic and the response from industry.”
    “The need to secure these CIIs cannot be overstated. A cyberattack on any of these might cause wide-ranging disruptions to multiple states in essential services, including those related to international trade, transport, and communications,” the Singapore minister said. 
    Asean Secretary-General Lim Jock Hoi concurred, noting that the COVID-19 pandemic had changed the way people lived and worked, with conversations and social interactions moved to the digital space. 
    As the region’s reliance on digital technology grew, so too must efforts to ensure security measures were in place and infrastructures were protected, Lim said. 
    Resiliency was increasingly important and fostering regional cooperation would be integral to ensure the development of Asean infrastructures that were inclusive and resilient. 
    Noting that “we’re only as strong as the weakest link”, he stressed the need for all Asean member states to safeguard their cyberspace. 